buguroo | Online Banking Fraud Blog

Cryptojacking and ransomware: Cyberthreat scenarios for 2019

Written by Tim Ayling | Jul 22, 2019 10:54:20 AM

Banks and other organizations within the finance industry are bound to encounter new data security threats throughout 2019. From nation state-directed strikes to targeted spear phishing attacks, the digital dangers poised to assail financial information technology infrastructure over this year are numerous, according to researchers from the International Data Group.  

However, there are two emerging threats that could prove particularly problematic for banks in 2019: cryptojacking malware and ransomware. These attack vectors have matured in recent years and now pose a serious hazard to financial institutions navigating today's digital banking environment.

Understanding the impact of cryptojacking

The emergence of cryptocurrency has fundamentally changed the nature of commerce and catalyzed transformation across multiple industries.

An estimated 139 million consumers worldwide now leverage cryptocurrency, with Bitcoin Cash, Bitcoin and Litecoin seeing the most use, analysts for the University of Cambridge in the U.K. discovered.

More than half of cryptocurrency adopters purchase goods and services using their online wallets, as numerous merchants have amended their transactional processes to support customers who wish to pay with digital tender. Traditional financial institutions have also begun to embrace cryptocurrency.

For instance, during the waning days of December 2018, a handful of international banks signed on to collaborate with popular cryptocurrency-centered online payment provider Ripple, per CCN.

The service supports more than 200 customers to date, including PNC Financial Services and Santander Bank. In addition to laying the groundwork for these sea changes, the rise of online coinage has brought about a number of new technologies - most notably, blockchain, on which enterprises worldwide are expected to spend approximately $2.6 billion in 2019, according to the International Data Group.

Together, these developments are overwhelmingly positive. However, one significant drawback has materialized as a consequence of cryptocurrency's emergence: cryptojacking. Bitcoin and other popular online cash alternatives are mined digitally. Only legitimate parties with immense computational power can mine cryptocurrency, a process wherein raw data is transformed into tender.

However, in recent years, hackers have entered the picture and set up black market mining operations via a technique called cryptojacking, which entails breaking into a large number of computers and harnessing their combined bandwidth to produce cryptocurrency.

This attack methodology can be used to take control of virtually any device, including smartphones, tablets and routers.

This past December, data security researchers learned that cybercriminals overseeing nefarious cryptomining efforts had taken control of more than 415,000 routers across the globe, The Next Web reported.

The monetary benefit that comes with cryptojacking is obvious. With the Bitcoin exchange rate at one to approximately $4,000, it behooves hackers to extract as much digital currency as possible.

As cryptocurrency and the infrastructure surrounding it matures in 2019, cryptojacking volume will undoubtedly increase, according to analysis from ESET. In 2017, cybercriminals launched just over 400,000 cryptomining ventures, per Trend Micro.

By the conclusion of the second quarter of 2018, the annual count stood nearly 800,000, a year-over-year rise of 141 percent. Should a similar jump unfold this year, businesses in the financial services sector will certainly feel the impact.

Innovators in the cryptojacking arena are developing new ways to cull cryptocurrency, including browser injection-based ransomware deployment and scaled machine-leaching, the Global Banking and Finance Review reported.


What exactly can banks and other financial institutions do to prevent or mitigate the impact of cryptojacking this year?

Since the malware hackers usually employ to gain control of unprotected online assets is delivered directly to end points, there is actually little internal information technology stakeholders can do in the way of prevention.

However, detection is certainly possible and an immensely valuable tool within the context of an overarching mitigation program. If banks can pinpoint nefarious code, they can quickly take steps to reduce the likelihood of infection.


Grappling with the continued scourge of ransomware

In recent years, both consumers and enterprises have become intimately familiar with ransomware, or computer programs that extort users by locking them out of their machines. It seems news items involving ransomware emerge daily.

For example, as the holiday season unfolded, hackers injected Ryuk ransomware into the servers of the Tribune Publishing Company, effectively mucking up both print and online operations at more than one dozen major American newspapers, according to the International Data Group.

Sadly, this activity is expected to continue throughout 2019. In fact, data security analysts for Cybersecurity Ventures anticipate costs related to ransomware will surpass $11 billion over this year 2019.

Financial institutions worldwide, many of which are already suffering at the hands of ransomware-wielding hackers, American Banker reported, will likely contribute to this amount due to a variety of factors. One, banks and the like maintain porous email clients that tend to let in ransomware-laden messages without raising red flags.

Secondly, cybercriminals are developing and deploying specialized ransomware variants specifically designed to intrude backend banking infrastructure. The banking Trojan is perhaps the most well-known of these emerging ransomware types.

These bugs are not entirely new to the digital threat environment, having been available for use for almost a decade, according to the Infosec Institute. However, they have become increasingly powerful in recent years as hackers have made tweaks to facilitate mobile deployment and other infection methods.

Even older banking Trojans that are well-known among data security experts continue to wreak havoc. This past October, researchers found that one banking Trojan that had been identified in 2016 was still being actively deployed, ZDNet reported.

Banks and other financial institutions have no choice but to address ransomware in 2019, lest they suffer significant losses.

While closing up obvious data security holes can have an impact, taking more advanced action, such as implementing bleeding-edge threat detection and identification software, may prove more effective.


Fraud prevention through behavioral biometrics

Are you interested in implementing this technology and addressing data security risks associated with cryptojacking and ransomware in this year? Consider connecting with buguroo, an international leader in behavioral biometrics-based fraud prevention solutions.

Our bugFraud solution records numerous customer gestures, generates detailed profiles and taps into machine-learning functionality to constantly compare these data points against live system activity. It also includes robust webpage and network analysis tools that can easily identify cybercriminals attempting code injection or connection masking.

Do you want to learn more about our bugFraud and how it can allow your organization to harness the power of behavioral biometrics? Contact buguroo today.